Earlier this year, security researchers reported the use of legitimate security tools in multiple attacks against Ukrainian organizations, including government agencies, nonprofits, and tech companies.

According to a Microsoft report, legitimate security tools used included Impacket, a penetration testing tool.

The same tool emerged earlier this month in an attack by the Russian state-sponsored group Sandworm, which Ukraine’s Computer Emergency Response Team said was attempting to take down a major Ukrainian utility.

Now, the same security tool has been identified as the number one global threat among customers of Red Canary, a managed detection and response company.

Security tools for good and bad

Impacket is what Red Canary calls a “dual-use” tool. Enterprises use these tools for both IT administration and testing, said Lauren Podber, the company’s lead intelligence analyst.

Impacket can be used for…

Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.